If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

oid etc

Agreed on LDAP, although there are licensing costs associated with using OID. Check this out: http://en.wikipedia.org/wiki/Oracle_Internet_Directory Can't vouch for it, but it sounds good and we are likely going to implement it in the next year to manage all database users, if we get the funding this budget cycle.

Also the comment on Enterprise Manager is a cleaner way if you have the oracle password (and don't have to sudo to it). (Most recent version finally works with sudo I think, but most people don't have that yet.)

As for ksh, then you are set. This is easy to do if you run it somewhere you have sqlplus and a tnsnames file. Exactly how you do it would depend on your specific setup and tools available in unix. If your tnsnames file is accurate and doesn't have a bunch of garbage, you could parse that and use it to drive a while loop. Or create a list of servers and databases. Even better, just have a list of hosts and (if you have rsh enabled, we don't for security) you can simple execute commands remotely to do a ps -ef | grep ... and get a list of running databases on each host, then iterate over them.

You can autodetect which version in a ksh script and still get the 'values' password this way, just recoded my auto-schema-refresh script to work with 11g. Note that the username field is now NAME not USERNAME, as well.